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(54) METHOD AND DEVISE FOR MANAGING PASSWORD 

(57)Abstract: 

PROBLEM TO BE SOLVED: To improve the security of 
NIS of a UNIX system and to reduce the burden imposed 
on a managing server. 

SOLUTION: Concerning the password managing method 
for managing a password for permitting the use of data 
in a network for a user, the method is provided with a 
managing client 200 for managing the user, a managing 
server 100 for managing the passwords of all the uses 
through the respective managing clients 200, and the 
user information data base for storing the password 
information of users to be used of the respective 
managing clients 200. When a user is to update the 
password, the user inputs the new password to the 
managing client 200, the managing client 200 stores the 
former enciphered password and the new enciphered 
password in pair to the password change request file at 
fixed time and transfers both the enciphered passwords 
to the managing server 100, and the managing server 
100 performs processing for changing the password of 
the user while referring to the said user information data base at 




fixed time. 
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* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated, 
3.1n the drawings, any words are not translated. 



CLAIMS 



CCIaim(s)] 

[Claim 1]When it has the following and a user updates a password, a user inputs a new password 
into said management client. Said management client stores the old encrypted password and a 
new encrypted password in a file for a password change wish on schedule at a pair, . Both 
encrypted passwords are transmitted to said managing server, and it is characterized by said 
managing server performing processing which changes a user s change password referring to said 
user information data base on schedule. A password management method which manages a 
password for permitting data use in a user's network. 
A management client which manages a user. 

A managing server which manages All Users's password through said each management client. 
A user information data base which stores a user's password information used by said each 
management client. 

[Claim 2]A password management method, wherein said each management client and said 
managing server perform said password change processing by regular batch processing on 

schedule in the password management method according to claim 1. 

[Claim 3]A password management method which manages a password for permitting data use in 
a user's network, comprising: 

A step which sets up one server which performs password management. 

In a step which makes other machines a management client, and said each management client, A 
step which performs processing which is not immediately reflected in a system when there is a 
password change demand by a user, A step which saves password change information per user 
ID to a password management directory, if on schedule comes — a managing server from said 
each management client — a password — changing — with a step to transmit. A step which will 
process a password change wish transmitted from said each management client, and will check 
that the password change wish concerned is effective if said managing server side also becomes 
on schedule, A step which change of a password completes by processing password update 
information transmitted from said managing server in said each management client when said 
managing server became a step which transmits password update information to said each 
management client on schedule, and being reflected in said network. 

[Claim 4]New password information transmitted between said management client and said 
managing server in the password management method according to claim 3 is not what was 
enciphered by standard password management function for OS, A password management method 
enciphering using a common cryptographic key managed by said managing server and said each 
management client. 

[Claim 5]A password management device which manages a password for permitting data use in a 

user s network, comprising: 

A management client which manages a user. 

A managing server which manages All Users's password through said management client. 
An input means which is provided with a user information data base which stores a user s 
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password information used by said each management client and as which, as for said 
management client, said user inputs a new password into said management client. 
A file storage means which stores the old encrypted password and a new encrypted password in 
a file for a password change wish on schedule at a pair 

A transfer means which transmits said both encrypted passwords to said managing server. 

A password change processing means to perform processing changed into said new password of 

said user a preparation and said managing server referring to said user information data base on 

schedule. 

A transfer means which transmits password information of a result depended on said password 
change processing means to said management client using said both encrypted passwords and a 
common encoding means. 

[Claim 6]In the password management device according to claim 5, said management client, 
Encipher, respectively, save an old password and a new password which were inputted by said 
input means, carry out an encryption new password which enciphered a new password only for 
management, and an encryption old password which enciphered an old password is made 
management, A password management device transmitting to said managing server. 



[Translation done.] 
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IThis document has been translated by computer. So the translation may not reflect the original 
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2.**** shows the word which can not be transiated. 
3.1n the drawings, any words are not translated. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention]This invention, without using NIS (Network Information Service) generally 
used in a UNIX system, Improvement in security is aimed at and it is related with the password 
management method and password management device which perform password management 
which is used when operating two or more machines, and which was put in block. 
[0002] 

[Description of the Prior Art]Conventionaily, it is indicated by JP,60-1 64859,A as a password 
management method. This gazette about the password management method of a distributed 
processing computer system, As opposed to what had had and managed the password database 
individually per conventional computer, A local password database is installed in the local 
computer by which distributed installation was carried out, Share a local computer and to the 
host computer which carries out centra! control. The host password database which includes all 
the local password databases is installed, It is characterized by registering a password into a 
host password database and the appointed local password database, respectively, and carrying 
out common management from the arbitrary terminals connected to this system. In this way, the 
troublesomeness of the move procedure of the user by having managed independently for each 
[ which was distributed conventionally ] computer of every is removable, Prevention of the 
unauthorized use of a password could be coped with promptly, and the password registration 
management function that size is big did not need to be provided for every local, either, and has 
done so the effect of enabling simplification of the function of a local computer, and mitigation of 
load. 

[0003]A "network user authentication method" is indicated by JP,8~-335207,A, and it is in it. The 
system chart indicated in this gazette is shown and explained to drayying 8. As shown in drawing 
8, there are some which access each network mutually via a gateway computer. In order to 
exploit the resources of such an integrated network, the user needs to prove the justification of 
his identity to the server which has a user authentication function in each connected network. 
Calling this operation login, a user provides a password to a server and proves his identity. 
[0004]In drawing 8 , when a user logs in to the network 1 from the computers 15-16 for users of 
the network 9, he will pass the gateway computer 1 1. The security system in such two or more 
hierarchies' network, It is a method which judges the existence of the access right to other 
nodes with transmitting the password to each node which the user inputted to the gateway 
computer 1 1 of the node used as a direct access point, and a node checking a password. 
[0005]The communication media 2 which the network 1 connects each element in the network 1 
physically and logically, and turn into a medium of various data transmission, The management 
computer 3 which performs specially authenticating processing of each element which 
constitutes the network 1, or a user, The database 4 for managing the information about each 
element and user of the network 1, including ID, a password, etc., The authentication service part 
5 which gives an encryption key and a login certificate to a requiring agency according to the 
demand from each network element and user. The database manager 6 which performs read-out 
and the writing of data from the database 4. The server 7 which provides various services 



http://www4,ipdl.inpitgojp/cgi~bin/tran^web^cgi.ejue?atw_u=http%3A%2F%2Fwww4.i... 2008/09/10 



JP,2000~020469,A [DETAILED DESCRIPTION] 



2/6 ^— V 



according to the demand from the client 8, It is constituted with the client 8 which 
communicates with the management computer 3 or the server 7 according to the demand which 
provides the user of the network 1 with a command interface or an application program, and is 
emitted by the user through them. 

[0006]The network 9 managed independently [the network 1 ], The communication media 10 
which connect physically between each element in nine in a network, and logically, and turn into 
a medium of various data transmission, The gateway computer 1 1 with the role which is 
connected to the communication media 2 and 10, transmits the command from the computers 
15-16 between users to the network 1, and replies a result to the computer for users, The 
authentication processing part 12 which transmits an authentication demand to the management 
computer 3, and performs login processing to the network 1, The password management table 13 
which manages the information about the user of the gateway computer 1 1 and the network 9, 
including ID, a password, etc., It is ** constituted with the server 14 which provides various 
services, the computers 15 and 16 for users which communicate according to a demand of the 
user of the network 9, and the authentication demand part 17 which enters a user's ID and 
password. 

[0007]Then, if an authentication demand and user ID are transmitted to the management 
computer 13 from the users computer 15 in the case of login, the management computer 13 will 
be returned to the client for which a user uses the login certificate enciphered with the user's 
password, and an encryption key. The client 8 decrypts a login certificate and an encryption key 
with the password which the user entered. In this way, attestation is made possible, without a 
password flowing into the network 1. The user in the network 1 makes attestation possible, 
without pouring a password to the network 9 similarly, and supposes that the illegal acquisition of 
the password in a gateway computer can be eliminated. 

[0008]On the other hand in the UNIX system which it has as standard, a network function with 
NFS (Network File System) of a distributed file system. When performing two or more user 
management of a machine to a package, the so-called NIS (Network Information Service) of the 
name server is used frequently. Central control of the name of each user on a managing server 
and a password can be performed without troubling the labor of a network administrator making 
change of a system reflect for each machine of every by using NIS. 

[0009]NIS comprises on a client server model. An NIS server is a host with the NIS data file 

called a map, and an NIS client is a host who demands such map information 

[0010] 

[Problem(s) to be Solved by the Invention]However, there are the following problems in NIS 
[001 1]S ince others' password is easily decipherable to it once password information is flying 
about to the 1st continuously and obtains a network top to it like [ when changing the time of 
logging in, and a password ], I hear that there is a problem in security and it is in it. 
[0012]Since it says at a server an inquiry whenever a demand has [ 2nd ] a client, or a map is 
transmitted to a slave at any time from a server, I hear that load is applied to a network and a 
managing server, and it is in them. According to the gazette explained by the above-mentioned 
conventional example, this 2nd problem is not solved. 

[0013]This invention improves the security of NIS of the above-mentioned UNIX system, and it 

makes it a technical problem to ease the burden of a managing server 

[0014] 

[Means for Solving the Problem]In a password management method which manages a password 
for this invention to permit data use in a user s network, A management client which manages a 
user, and a managing server which manages All Users s password through said each management 
client, It has a user information data base which stores a user s password information used by 
said each management client, When a user updates a password, a user inputs a new password 
into said management client. Said management client stores the old encrypted password and a 
new encrypted password in a file for a password change wish on schedule at a pair, Processing 
which changes a user s change password is performed transmitting both encrypted'passwords to 
said managing server, and said managing server referring to said user information data base on 
schedule. 
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[0015]In a password management method which manages a password for this invention to permit 
data use in a user's network, In a step which makes a management client a step which sets up 
one server which performs password management, and other machines, and said each 
m.anagement client, A step which performs processing which is not immediately reflected in a 
system when there is a password change demand by a user, A step which saves password 
change information per user ID to a password management directory, if on schedule comes — a 
managing server from said each management client — a password — changing — with a step to 
transmit. A step which will process a password change wish transmitted from said each 
management client, and will check that the password change wish concerned is effective if said 
m.anaging server side also becomes on schedule, A step to which said managing server transmits 
password update information to said each management client, If on schedule comes, in said each 
management client, it will be characterized by step which change of a password completes, and a 
thing, ** and others, by processing password update information transmitted from said managing 
server, and being reflected in said network. 

[0016]This invention equips with the following a password management device which manages a 
password for permitting data use in a user s network, 
A management client which manages a user. 

A nnanaging server which manages All Users s password through said each management client. 
An input means which is provided with a user information data base which stores a user s 
password information used by said each management client and as which a user inputs a new 
password into said management client, A file storage means by which said management client 
stores the old encrypted password and a new encrypted password in a pair on schedule at a file 
for a password change wish, A password change processing means to perform processing a 
transfer means which transmits said both encrypted passwords to said managing server, and said 
managing server change a user's change password referring to said user information data base 
on schedule. 



[0017] 

[Embodiment of the Invention]The embodiment by this invention is described in detail, referring 
to drawings. 

[0018][A 1st embodiment] 

(Composition of this embodiment) In drawing 1, it becomes the management client 200 of WS 
(Workstation) which has adopted UNIX, and the managing server 100 as an operating system 
that this method is applicable. Although the managing server 100 comprises one set, if the 
number of the management client 200 is one or more, restriction in particular is not provided. 
[0019]The password change processing 120 by the regular batch which performs the password 
change wish where user information data base DB1 10 has been arranged, and which had a 
demand in the managing server 100 from each user. The regular batch password update 
information creation processing 130 which writes a user's information registered into that day in 
which total for every client, keep total data to a file for every client, and the file is deleted with 
an updating completion notification, An updating completion notification is checked from each 
client, and each processing of the regular batch update completion notification confirming 
processing 140 in which the update information from a client with a notice is deleted is made. 
When you have a transfer failure and no notice, updating or the compulsive reflection 150 by an 
operations manager is again processed on the next day at the time of updating. 
[0020]If the password change command 210 which saves the password to change for every user 
to the directory for changed information registration is emitted by each management client 200, 
Password change wish transmission 220 which transmits the changed information of a password 
to a managing server in regular batch is performed. The password update 230 which carries out 
change processing of password shadow according to User Information transmitted in regular 
batch is performed, and updating completion notification transmission 240 is performed to a 
managing server. 

[0021]Since the managing server and management client by this embodiment performed updating 
and management processing of the password, used expression called especially a managing 
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server and a management client, but. Even if it is a general server and a client, since the 
composition, and operation and an operation of this embodiment can be attained, it does not 
adhere to the name. 

[0022]With reference to (operation of this embodiment), next drawing 2, operation of this whole 
embodiment is explained in detail. By a UNIX system, since it is a time of changing a stage and a 
password at the beginning which registers self name and password when you wish entry to a 
system when generated by the password in a transmission line, the operation at the time of a 
password change is explained. 

[0023]First, in each management client 200, a user executes the password change command 210 
prepared for these methods. The password enciphered from the password entry of each 
management client (trypt) is extracted (21 1). The password before the user itself changing into 
the next is entered (212). Compare this enciphered password with the entered password (213), 
and user authentication will be ended if in agreement, Enter a new password twice for a check 
(214), and the file for a password change wish is created, The new password enciphered as the 
enciphered old password is saved (215), a new password is enciphered, it shall be only for 
management, the inputted old password is enciphered, and it transmits to (216) and the managing 
server 100 as an object for management. 

[0024]The file for a password change wish is created for every user ID by executing this 
command. The new password and old password which were enciphered by the exclusive 
cryptographic key are saved at this file. If this file becomes on schedule every day, it will be 
transmitted to a managing server (management client password change command 210 of drawing 
2). 

[0025]Next, with the managing server 100. as shown in dravyin if on schedule comes every 
day, password change processing will be performed (120). The new password which read each 
transmitted file for a password change wish, and was enciphered as the enciphered old password 
is read (121), The password of User Information DB1 10 is compared with the sent old password 
(122), and if equal, a new password (what was enciphered by the exclusive cryptographic key) is 
registered into User Information DB110 (123), and is stored (password change processing 120 of 
the managing server of drawin g 2 ). 

[0026]Next, when on schedule comes in the managing server 100 every day. as the user update 
information creation processing 130, A password change is read from User Information DB110 
(161), and the updated list list which bundled up the enciphered password only for [ of an on / 
User Information DB1 10 ] management is written in the file for transmission (162). It is 
transmitted to each management client 200 which corresponds this user update information 
(163). 

[0027]When on schedule comes every day, the transmitted user update information file is read 
and compositeHzed (231), and the password registered on User Information DB110 is made to 
reflect in a system by each management client 200 finally (management client user information 
update processing 230 of drayying 2 
[0028]Next, each processing is explained concretely. 

[0029]With reference to drawing 4, the password change command 210 prepared for each 
management client 200 is explained first. If this command is executed, the input of the present 
password will be required (21 1) and the present password will be entered (212). If the entered 
password and the password registered into /etc/shadow are equal (213), the input of a new 
password will be required twice (214,2140. If a new password is the same twice [ both ] (215), an 
old password and a new password will be written in a password change wish file (217), and a 
password will be enciphered by the cryptographic key only for management (218). The 
enciphered password is transmitted to a managing server, not carrying out password coincidence 
at Steps 21 A and 21 B by Step 213,215, on the other hand, in not being equal — — 
warning [ like ] is emitted and it ends. 

[0030]Next, with reference to drawing 5, the password change wish transmission processing 220 
is explained. If on schedule comes every day, the password change wish file for every user under 
a password management directory will be searched with each management client 200 (221), and 
a password change file will be altogether transmitted to the managing server 100 using the rep 
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command (222). It judges whether it succeeded in transmission (223), and the password change 
wish file on each management client is deleted after checking a transmission success (224). 
When transmission goes wrong at Step 223, processing again transmitted at the time of next 
starting is performed. 

[0031]Next, with reference to drawing 3, the password change processing 120 on the managing 
server 100 is explained. In the managing server 100, if on schedule comes every day, the 
password change wish file 220 transmitted from each management client will be processed. First, 
the list of flies in a password management directory is created, and it processes it one [ at a 
time ] (121). Next, an old password and a new password are read from the password information 
file 111 (122). Next, the password on User Information DB110 is read (123). About each file, if 
the password on User Information DB1 10 and the old password on a file are equal (124), a new 
password is made to reflect on User Information DB110, and is stored (125). (status: password 
change) Otherwise, the E-mail of the purport that it is an abnormal condition is transmitted to a 
user with a request, and addressing to a managing server operator (128), and status on the user 
D information B is changed into "password update failure" (129). The transmitted file is deleted 
after these processings are completed (126), The above-mentioned processing is repeated for 
every user (1 27). 

[0032]Next, with reference to drawing 6, the user update information creation processing 130 on 
the managing server 100 is explained. If on schedule comes in the managing server 100 every 
day, All Users's update information will be checked on User Information DB1 10 (131), Search a 
list with a password update and it is judged whether the flag of the purport that it updated is ON 
(132), Check a using state for every applicable registration destination (133), judge whether 
status of a using state is a password change or one of the password update failure (134), and if 
it is a password change, It creates in the form where a user update information file is Append(ed) 
as a transfer file of an applicable registration destination (135). This is processed for every 
registration destination, if all the registration destinations are checked (137) and it ends, an 
update flag will be cleared (138), and it judges whether All Users's check was ended (139), and 
ends. 

[0033] Finally, with reference to drawing 7, the renewal 230 of User Information on the 
management client 200 is explained. In each management client 200, if on schedule comes every 
day, it will start as a regular batch and the information transmitted from the managing server 100 
once [ 1 ] per day will be processed. The management client 200 searches the transmitted User 
Information update file (234), processes it sequentially according to the contents of a user 
update information file, and is read from the pointer of a file by one line (235). Next, setting out 
of a management client is changed into the password shown from the managing server 100 (236). 
The additional writing of the updating result is carried out at an updated information file (237). 
Next it confirms whether reading was ended to the last of a user update information file (238), 
and an updated information file is transmitted to a managing server (239). In this way, if change 
of a password is checked, it will be written in an updated information file and an updated 
information file will be transmitted to a managing server after completing all the processings 
(239). 

[0034]As mentioned above, in drawing 1 the management client 200, In order to update a 
password on schedule as regular batch processing, change processing of a password is 
performed according to transmitted User Information (230), and the file which described having 
carried out the completion of updating of this result for updating completion notification 
transmission is transmitted to the managing server 100 (240). In a managing server, an updating 
completion notification is checked from each management client 200 as updating completion 
notification confirming processing of regular batch processing. Then, the update information from 
a management client with a notice is deleted. In this way, a series of batch processing is ended 
(140). here, when transmission goes wrong, in the managing server 100, regular batch processing 
should do, for example to the next day — it is — or it is based on an operations manager — - re 
transfer directions are carried out compulsorily at a management client, and updating completion 
processing is performed (150). 
[0035] 
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[Effect of the Invention]According to this invention, since password information was enciphered 
and it has transmitted on a network using a managing server and the cryptographic key for 
exclusive use which each management client shared and has been managed, it is in being easily 
undecipherable even if the password information file under transmission includes others' hand. 

As a result, the security of a system improves. 

[0036]Since central control is carried out on a managing server, the batch management of the 
management client which are two or more UNIX machines can be carried out. As a result, the 

labor in a system management reduces. 

[0037]Since information transfer between a managing server and each management client is 
performed not on time one but every day using a regular batch, the traffic which flows on a 
network can be reduced and the load of a managing server and each management client can be 
reduced. As a result, the load to a network is reduced. 



[Translation done.] 
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JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 

precisely. 

2. **** shows the word which can not be translated. 
3.1n the drawings, any words are not translated. 



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Dravymg O 's a schematic diagram of the password management function by the embodiment 
of this invention. 

[ Dra wing 2llt is a flow chart of the password management by the embodiment of this invention. 
[Drawing 3]It is a flow chart of password change processing of the managing server by the 
embodiment of this invention. 

[Drawing^^4^^^ is a flow chart of the password change command processing of the management 
client by the embodiment of this invention. 

[Driawing 5]It is a flow chart of password change wish transmission processing of the 
management client by the embodiment of this invention. 

LQz^MD33]^^ is a flow chart of user update information creation processing of the managing 
server by the embodiment of this invention. 

[Drawing 7]It is a flow chart of user update information processing of the management client by 

the embodiment of this invention. 

[Dr^M is a system-outline figure by the conventional network authentication method. 

[Description of Notations] 

100 Managing server 

1 10 User information data base 

120 Regular batch password change processing 

130 Regular batch password processing 

140 Regular batch update completion notification confirming processing 

200 Management client 

210 Password change command 

220 Regular batch password change wish transmission processing 
230 Regular batch password update processing 
240 Updating completion notification check 



[Translation done.] 
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w^-r 5 fc 17 — K ^ "gmi- K t^a* 

^-^/;^^/n;^'7- K^Mff-r^l?^. ^-if ^ltf^^;x rz- 
-/^fl^0#i;::MtS^'-if tf «t'--^-<--;^ Loo 
[ft*!! 2 ] ft*il 1 {cWMo:>y^7^ V - V^^'Wm^mc 

- K^^ jE^*;^^' o fc i: ^ ;^ X a C^0^ L i 

y-" Kfl^JixV i^^ h y {c:=L--'f I D^{ilc/N;^ y 

t^^t tm^v^^ y4T>ht>h 

y<yy— KC)^MIlv^7i^^¥5i^-r^ :y y^c^ . 

y - KMirtf f B ^^mi- ^y^T-y^t^ 40 
fj:^t ^jfS^t^a^ y T V ^ T1ltiJtBt'ai^- 

l> y — ^ r <t ct y — K<7^^ M^s^^y 

[ft *il4 ] !»*ii3 l^tB^fecoyN;^ y- Kt^S^^i^^ 

if'^^;^y- ¥mmo smm(D^<y^y - v^mm^\^^ 
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fS^^^a^ y-YT^ ^Tl^aLTV^^itiicoBt^{[:::3^^- 
^i" 5 ^ CO 7^ y - K §r f^ai" S / ^ ;^ y - Kff 

^-^f^wai-^wa^y-rr^^ht. iutsf^a^^-Y 

ttife^S^a^y^T>'bT{£ffli-5-:^-if(D/'^ 

Suffif^a^y-YT^/ hft, mjt5:^-ifflfr/^;^y-K^ 

tu tfif^a ^ y T > A ;^ 1" 5 A ;^ ^ . 

y - Y^-wm^ ^myr-i m ^^^'\ty<y^ y 

tiJtsf^Pt-^{b/^:^ y- K^fi1Jf£^ai^-~/<^c$^i^-^^^^ 

20 Looffjffi^— if tT^tutStf/ y- Kd^^Mi-^ 

t^^fB/^;^y- K^^M^a¥i^J::J:5S*iD/N;^y— Kit 

:^ ^ it#m t ^ ^ ^ ;^ :7 - K VasSo 
[If 6 ] ft*il 5 \ct^m(D^<y^ y - K^aiig^c 

SulE«^a^y'YT>'hfi. ffiffiAyj^STA;/jLfcfB/< 

L. m^<:^y- Y'^m^-itV.tz,mmm^<:^y-V^'f 
mMmt L. !B/^;^y- K^Rf^ft^L/cPt-f-^tlH/Njxy 

- K^i^affl ^ LT. tutef^aif- ^'<(^ei^t-^ 

mmmmfmm 
[0001] 

fCj3V>T. —ilJlC^iJ/^^tLTl^^N I S (Network Info 
rmation Service) ^ffifflit-ff^. ir ^ ri. y 7^ ^ CO jnj _b 

y_ Kf^a$rtT5>'^";^I7- K^a^r&^t//^;^y- Kf^ 

[0002] 

60-16485 9-§-^$g(-r^^^i^Tl^5o 

^i. 5^t^:^a=^ >- 1"^-":^^' v';^xA(0/^;^ y— Kf'a::^ 

^-^■^-^^^tTWaLTV^fc::t(7:)fC>^L. :$->MiS: 

^ n — :^ /V =r > t:° — ^ n — :^ /w^ y — Kt"' 

— ;^SrfJ?:SL. ^^ti =^ — ^ -^^^x^^ 

^^^f^ai-^^J^;^ ^T(OD-;i7/W^ 
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J- V) Y^yy^y^ VT^-~^-^—:^flh'(I 

*iif^a-r5r t^-Wttt LTV^So r5bT. 

L ^ > t° :x - ^ S ^^gfj ^ L T V ^ :i 

t J: ^ \im^(D^m^-'m(r)m.t> l ^ . 

[0 0 0 3] ^fz.. #r?a¥8~3 3 5 2 0 7^<2>$B(^ 

\z,tm. ^ n/ci V ;^ X A [a L rm?^ 1- ^ o Ei 

[0 0 0 4] gl 8 f^*D^V^T, if — :^ 9 tZ) 

— ^ 1 5~1 6;^^^)T-:y — ^ 

Y^(Dy<7.u—Y^. %^(OT ^^:^%}ifl^j—Y(D 
^« 4r W KFf i" ^ fe ^ . 

[0 0 0 5] T>:y 1 fi. ^f. :y VV — ^ 1 F^(7:)# 

17 — :^ 1 (T^rL— ^.^^J^T^ y y 
^ Ig-^ ^ 5 JS C T f^a ^ V t:° :x - ^ 3 ^1)— y N 

[0 0 0 6] Sf::. ^-^y VV - ^ \ }i\m.tL\z.^-^^K 

lot. aftj^f* 2 t 1 0 f^Sa ^ tL-=Lv^if £ 
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Vt:"^ — ^1 5—1 ^t^^(0^^^y Y^^-v — 
\z.m% ^-if ;B =1 >- - ^ iciSff-T ^ 

to-^— h ^7111^ =r vt:°^ — ^ 1 1 >^t:"^ — 

*0^a^tT5ISflE*^!^SfPl 2 -i^^- in Vt":x- 

1 iRXJ^r-y h^-^ scD^—v'icmi-^mn (I 

13.^. ^^ii^-t^';^^g^iti-^^f-y^ 1 4 h 
y-^ 9(7^:^--tPo^*f^jJ;CTiiftt~^^--if^:='>' 
10 t^rr — ^15, 1 6 ir, :=L— lf(7:) I D-^/^;^ K^A 
;:^i-^mfjE^*fPl 7 :^^^)*^^ixTV^^, 

[0 0 0 7] ^5 LT. n:^V ViOlS, rL^4f > 

1 5^^?:)t^M^>t°:^-^ 1 3 {:^mum^t^-^ 

^a^{b-rSo r5LT. hy-^ ue:^i/^^E7- 
20 1^(7^^— f^^fl. l^mi^^-y hV — ^ 9l^y<7s9-~Y^d^ 

[0 0 0 8] h'p-^mm^mm'cmx. 

NFS (Network File System) t^\:i^ ^^-^i^l^a:) 
S (Network Information Service) T^J^^MM^^"^^ ^ iz 

[0 0 0 9] N I sfi^x^Tv h • -y— ^^^xV^±-e 

mj^^ti^. N I Sif-/<i:fl. -^^yytf^^mSN I 
[0 0 10] 

[ISPJ^W'LJ: 5 t^5flM] L^>L. NIS(^fl. 
40 [ooii]^if^, n^Vvi-SI^^^/N;^^-^'^^^ 

[00 12] ^7t. ^2(^. ^y^Tl^h-^>^J^(Dh^ 

JO v^?iv\ 
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[0 0 13] J^mmi-^. ±m\JN I Xv';^xACON I S 

^m-r ^^t ^mm t-t^o 

[0014] 

Bff::^^;:^^- K'SMilv^jl:7 r '<^t^(-^0Rt^it:/^;^!7- 
"bo 

[0 0 15] ^f-. :^^mn. :::L—^^(D:^.y i^^^^fy 

- V'Smf-^ i/^ h y J^^-f" I D ^4^^/-^;^ 7- 
5;^7"^/:7"i:, :£0#(^7t^<6 ^fiJtS#«^m::> T> 

[0 0 16] Sf-. :zL^^(r):^^y Y^^^^ 

t^S^ y Y T > h !7 - K^MElv ^ffl :7 r 

1^?frtr5:7r'r /i-tfi1t#l5:t. ttjfBf^f^f^{k^^°;=^ K 
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[0 0 17] 

[0018] mi (Dmmjfm'] 

fflLTV^SWS (Workstation) (D^^:^ y ^ T > h 2 

0 0 "Sm-^—y^i 0 otfj:^. wm-f—y^i o o\t 
—^t-hmf&^n^t\ i^a^^^Tvh2 0 oco-^^ 

[0019] ^m^-^< 1 0 0 {cn. ^—^KWLf—^ 

;^DB 1 1 0;a>ia'^$n. ^^—'V't^^W^^^^h-:^ 
fzy<y^y— K^Miiv^^lltTi'5:£9#'^^iy^^c 
9- KSM^^O^a 1 2 0 t . ^^0 tc^^^tLfc^-if (7:)1t 

c^o :7 r ^ /^^ffll^^t" 5 y^y<y.9- K Mfftf 
$Kf'^^J5g*0.S 1 3 0 t . ^^^-YTVh^^^t^Mff^Tii^o 

nm't^&^y<y'^^$j\^Tmii^m?E^^mi 4 oct:)^^ 

jESf0#i-StJ^MffXftiSffi«S^^-J:^3t§iJS&Stl 5 o 

[0 0 2 0] ^7c. ^t^a^y^TV h 2 0 Oi^fl. ^ 

30 -"^m^i^^i-^'^^y^9-V^^^-^>]<^2 1 0;655§it 

--^^(^tei^i-5>^'^;=^7-" K^MfIV^|si^2 2 0;^t^^^^T$ 

word shadow(7^^M^S^i"^^^;^ 7— KMSr 2 3 0 
^tT^tL. Mff^Tii^tei2^2 4 0 ;6^WS^-"/^l::>?l■L 

[0 0 2 1 ] ;$:*ffi?f$Fl^::J:^W^+H-/<^-^WS^y^ 
40 ^^fztiK -~li^(D'V—^<^^y^TlyhXh<^Xh. *^ 

[0 0 2 2] 11 2 ^#HH L 

UN I x^v^;^x ATil. ^'n;:^ ^7- K;^^e^y ^ 

50 [0 0 2 3] -i-r. ^'Sm^y^T>^h 2 0 0\c^\^- 
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K2 1 O^H^Ti-^o ^^^m^y^T>'h(Dy<:^9 
--j^^z^iyhV^-^m^it (trypt) 

(2 11) o ^-if 
;^!7— K^A:;^ji-^ (212) „ r(7:)0S-^{k^tLy^:^^;^ 

A:/7Lfc^^;^I7- K^^i:h^L (213) . - 

Sr*f^>(7:)fcfe2[H]A;^L (2 14) . 17— K'^MS 

fkLf-*if^^;^y— ^f*i?L (2 15) . ^if^^:^y- 

Pt-g-ftLTg^fflt LT (2 16) . ff^ih-/<10 0 
[0 0 2 4] K^rHtT-f^^iJciJ: 

y-TT^h • K^M^-^v K2 1 0) „ 

[0 0 2 5 ] mz.^ m 2 ^CTj^-tct 5 f=af--/< 1 0 

6 (1 2 0) o te^i^^nT#fc^^^;^^7- K^^MUv^ffl 

{k^tLfcifr^-^^^y-- Ki:^Si<^^^<?A (12 1) . if 
Iff^gDB 1 1 K^3i^bi^T^/'-10/^;^y — 

K^ii:«£L (12 2) . I^Lttnfi«f^N;^y- K (*ffl 
Pt#ft^-Tig^fk$tL/ct(7:)) ^^-^ftffffiDB 1 1 
Qi\^mAV.X (12 3) . (lll2(OffSf— ^< 

(D^<y^ y — K^M^OfS 120), 

[0 0 2 6 ] mz.^ f^Mf— /<1 0 O-rilfe0^i?#Jvl/^ 
^--if Miftf #{1^^^^ 1 3 0^ LT. ^-iftf 
SDB 1 1 O;*^^^/";^^— K^M^K^iZ.^ (16 

1) s ^-if'lt^DB 1 1 Q \i(o'^^m-mmt%\\L^f\. 

:7r ^/i-J^#^3Atp (162) , -c7:)^^ifMSrtf$6^ 
^ii-t^^Wa^^-f T> h 2 0 0--tei2^^tL^ (16 

3) o 

[0 0 2 7] Wm^. ^Vm^y-fT> h2 0 OXa^ 

B^m\zfj::^t. f^m^tix^fc^-^mmnyr^ 

/l-^m^^^. m^itl^X (2 3 1) . :iL^if^tf $gD B 

1 1 o±Jc:at|;^i^TV^^^^;^7— K^v';^7"i^(::^P* 

3 0) „ 

[0 0 2 8 ] Tkiz^ ^^m^z-:)\^^xM,i:^mizmmi-^o- 

[0 0 2 9] STIl4^#fiSLT, #WS:^^-rT>b 

2 0 0f3:fflE-t5>^^°;^i7- K'^M^-^^- K2 1 oj>iov^ 

— KcoA/j^^^^n (211) , Jaftco/<;^y— 

AJj-t^ (2 12) , A/JLTC/N^^y- Ki:/etc/shado 

wJc^®^i^T^/^S/^";^y- K:;3^^^Lttatf (2 1 f 
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3) . }^^(DA'JjfJ^2lB}W^^i^^ (2 1 

4, 2 14M o |ffLl'VNy;!7- K;65 2lH]*{cPi:-r^fe 
tLff (2 15) , -^^^^y— K^Mliv^y T^/i-l-IH^^:^ 
y— K^fr/^;^!7— K;6^w^3A^i^ (2 17) . /N^y 
-Kflf^a^fflBf^^k^-T'Bt-^fki-^ (2 18) . 0t 

;^7":yy2 13, 2 1 5 L < l/>±J^(«lfl. ;^ 

7"^;/y'2iA, 2 1 BT\ K-®:-^T^v>5 J: 

10 [0 0 3 0] 7k\Z^ US ^#B§LT. /n;^I7— K'SMII 

i/>«ii^fe^2 2 o(;^o^/^TI^.PJ^i-^o S 0^0#(«^7^c^^ 
^-i^a^y-rrvh 2 0 oTil/^°:^y— KWa^^v 

/i/^t^^L (2 2 1) . 17 - K^^M^T -f/i/^^T 
rcpr2'^VK^ffiV^Tf^ai^-^<l 0 0^-$^i3^i-^ (2 
2 2) . l5i^Jc:/5g5iLfc;0^S:^^$rWlffL (2 2 3) . e 

Miil/^^r /l-argiJI^-t^ (2 2 4) , :^7^>;/y2 2 3 

20 ^^^a^tT5o 

[0 0 3 1 ] YXIZ.^ mS^mmi^X. l^a^f-^^l 0 0 
±T'CO/^:^y- K^^M^ai 2 0 (^o^/^TIft0^i-5. 1^ 

2 2 0^^ai-^o ^-f. hi) 

(12 1) , o^l-, ^^^;^I7- Ktf#B:7T-f /H 1 l;a^ 
e.^B/^^!7- Ktff^N:^^- ^if.;^iZ.t? (12 
2) o ?!fel-^-'fif$gDB 1 1 0±(7)/-^;^!7- K^if^ 

30 iAtp (12 3), r Y/^'^^o^/^T. iftff$gDB 

1 1 0±(O/>;^y— K^yr'Y/^'±^DfSy^;^^7— K;^^^ 

L^tntf (12 4). ff/^;^I7- K^-^— 1ftf$8DB 1 

1 0 Jiic:SB^^-i^:T (status : W^-t 

^ (12 5) . ^5-T;^^.^itHtf<SS(7:)fcoy^c^-^f 

?r^«L (12 8) . ^-^DmmB±(D status 

^ f^^M-r^ (129) , 

h(^^m^mT Lfzmz^ $Em^^x^fzyr-f/i-^m 
E^-f-^ (12 6) „ #^--iffijc:jifB*aa4'^«9 3^i- 

40 (127)0 

[0 0 3 2] 7Xizm6^mmi^x. 'gm^—y<i 0 o± 
"e'7:>^--ifMMffl^{'F;5c^ai 3 o^c-Di^rmmi-^. 

B 1 1 0 ±T^^^-if (DMfftf (13 

2) . m'^'t6^m'^m\m^v^u^^:^y^ L a 3 

-'}'^W,§[^%ii(Dt^M^Xh^t^^mmL (13 4) . 
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-5 (13 5). rix^^^5feSJ-^SL. ^^m-'k.^^ 
^y^i. (13 7) . ^^T~tri\i^^yyy^^ ')T- 
L (1 3 8) . ^:^-^(0^^y'7'km'J\.f:Lt-^'m\ 
L (13 9) , ^T-fS. 

[ 0 0 3 3 ] Wik\Z-. m 7 ^#R^LT. t^^^ ^^TV 
h 2 0 0..bl?tO::i---|f~tf?Bi:ff2 3 G^Col^TmP^-f- 

L (2 3 4) . :=^-"^^mtm.y r ^ ^^(r>t\m\^^^^x 

i^tP (2 3 5) , o^Hc. ffJii^-y-^1 0 Ot^hWf^^ 

(2 3 6) , Mfr^:^^Mtfii*p:7r -Y/^^cjg^jp^^iA 
(2 3 7) o ofHc, ^-~HfMfftf#:7r^yK7) 

8) . mm%^yr-(/^^mm^-^<\z,mm^^ (23 

*fii5:-a:7r^/MiWai^-y<;(c|si^^ti.^ (2 3 9) o 

[0 0 3 4] ±a5L/-^J; 5 EIllC:|o^l^T. t^g:^ y 
^T>h 2 0 0fl. 'M.^^^^y^^^ti.X^ 'm^\:L^<y^ 

oT>^>^y-" KtJO^M^^^tTl/^ (2 3 0) , 

tcyr^^^^'^m^-^^iookz^i.mrr^ (2 4 0) „ 

Mc^ LT. #t^ii^y^T>^h 2 0 0 7^^?,Mtf^T31^ 30 

l#T-r5 (14 0) , $53^^^l4Lfcc^^fc 
WSi^-/<i 0 OTii, m^\lWB\c&^y<y^^ 

(15 0) , 
[0 0 3 5] 

-$r?tJ)SLT. /^;^!7- Ktf$R^Pt-g-{t:LT^-;/ N r7-- 
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[ 0 0 3 6 ] i/c. f^St^-^^\„hTft^^tfS-r5/c:i6. 

[0 0 3 7] tfS^y— ^-^c^^tfS^ h 

:y^Sri^3v^TtTbtL5fc^. Vy — ^ .t^'lkh.^ V 
h(D^m^^^X^^o Z(D'i^^^ ^^yhy-^^(D^^ 

[Hi] ^mm(DmtMMmi>^x^y<y^y-yvmmm(o 
mwmxh^a 

m2] :^mm(Dm'&Mm{^j:^y<^y-y^m(o^^ri 

mxh^o 

[[3 4] ::^mm(DmMmM\^j:^'gm^'7-fT>h(Dy< 
[[115] ifm?i(owmm\^^'hm^'7=7-<T:yV(n^^ 

[0 6] -J^%W\(o%imim\^X.'b'^m^—^<(n>^—^^ 

[07] i^m?i(o%m{mK^hm'^^=7 4Ti^v(n:=L 

[0 8] hi^-^^fglE::^^!::^^^/;^^^® 
10 0 

1 1 0 ^-iftt$g^-^-<-^ 
120 ^Bf/^^yf^^N;^^— K^M*^L^ 

13 0 :^0#^^:yf^^^^ KM^g 

14 0 :^:0#/^:y^Mff^7ii*qWig^^S 

2 0 0 «^ai>^^T>b 

2 10 /<^y^ K^M^"=^> K 

2 2 0 '^^^y^y^^^y.v— K^Milv^fei^M^ 

2 3 0 ;^0#/<:y^/^^y- K^ffMS 

2 4 0 Mif^Tii^nigM 
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11112] 



130, 



100 



200 



162> 




211 



D B 



163 



230, 



mm 

— i 



200 



231 



232 



233 



\ ^210 




< 



214; 



^ ' 



> 



^215 



-I 



216 



A:^ IB/t - i^^m^it 



100. 



— 

I 
I 

-J 



r120 



I 



<i2l 



< 



<122 



> 



^123 
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ims] 



121 



120 



122 



nzK^- \^mmy T'<ju^ 

• req-oJd«,password 

• re q „ new> password 



<123 



- db» password 



1 



124 



req«oid^possword"db. password ? 




YES 



125 



^M^L-. status^ 



110 



,126 



NO 



'127 



YES 



^ ■ T 

-*« 1 Login Nome pass! 

r-^ 



Ml 



D B 



uo 



NO 



128 



fife^© ^ :t a. — tf <t ^ Si 





<129 


^ — tf D B <0 s t a t u s 











(110 



D B 
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=> shadow 1 



^ shadow 2 



^211 



2^2 



shadow 1 ==^sha(iow 2 ? 





pass 1 



mum- 1 



^214 



21A 



A:^*r'So 



=> pass 2 



214 



<pass 1 <f:pa«s 2 



215 



r2t7 



21B 



9 ~ HIhSi y T ^ Jl* ^ Log! n-nan!e'\ pass L 

<File A1Tributes> 
Owner Itu 

USER r-.' 
GROUP ' • - 
OTHER" 



218 



219 



C5D 
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105] 




220 



c 

1 









=> r ( 





,223 



> 



221 



222 



224 



7> h-hCDy-N-XQ- K^M:7 7-('/U.£ffl^ 



ins] 
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:ia6i 



130 

/ 



:i—tfKiSt0B(K>±:i-*f(O 



131 



132 



YES 



133 



'134 



NO / ytx 7— K^^v 



YES 



1 



135 



(Append) 



136 



137 



138 



NO 



YES 
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[E7] 



-a— !elWffi-y--A 




230 



^ - +f H*fr1t^ :7 r -f -5 



J 



235 



■236 



■7- Kfc^S-^S. 



237 



YES 



.238 

> 



'239 



